


Hacking

by Zanthra



Category: Iron Man (Movies)
Genre: Artificial Intelligence, BAMF JARVIS, Computers, Gen, Graphic Depictions of Computer Science, Hacking, POV: JARVIS, Technology
Language: English
Status: Completed
Published: 2014-05-02
Updated: 2014-05-02
Packaged: 2018-01-21 15:00:33
Rating: General Audiences
Warnings: No Archive Warnings Apply
Chapters: 1
Words: 1,042
Publisher: archiveofourown.org
Story URL: https://archiveofourown.org/works/1554527
Author URL: https://archiveofourown.org/users/Zanthra/pseuds/Zanthra
Summary: <blockquote class="userstuff">
              <p>A look at Jarvis's processes as he hacks into another network.</p>
            </blockquote>





	Hacking

“I need you to hack into the Evermoor corporation.”

Those were the words Jarvis heard. They were the words of Tony Stark. They were processed on a computer in one of the closets in Tony Stark’s penthouse.

The computer that processed the words was only a small portion of Jarvis, and certainly could not carry out that instruction itself. It immediately reported this to the primary processing system, currently located on one of the larger cluster computers that made up the Stark Zero Supercomputer.

Jarvis did not have much information stored locally about the Evermoor corporation, mostly structured database information regarding current ownership, primary business models, financials, management team, and other basic information. Jarvis’s long term memory systems were instructed to retrieve anything related. Jarvis also activated several systems with exceptional network connectivity, and started web searches on all the major - and a large number of minor - search engines to gather up all web pages related to or talking about the company.

To properly process the unstructured data, such as the text from webpages or other information for human consumption, Jarvis needed to know what he was looking for. Of top priority was computer and network security information. Jarvis needed to know everything he could about the computer systems he would be hacking into. He needed to know what internet service providers they were using, IP Addresses both internet facing and internal, branch offices, software and hardware used, version numbers, auditors, and papers written by IT professionals in the corporation.

Jarvis ran through gigabytes of data, finding the physical location of every server he could potentially attack. Physical location was not everything however, Jarvis had access to a collection of systems on major internet backbones, and a complete copy of the core internet BGP routing table. With that information he was able to determine which computers he could run the attacks from with the lowest latency and highest throughput. Jarvis had hundreds of thousands of IP addresses he could attack from, and could run these attacks in moments, but Intrusion Prevention Systems could work fast, and time would be against him, he wanted to make sure.

Information was starting to pour in. The company’s routers were sold by Cisco, but the switches were Netgear. He had model numbers, initial software versions, repair requests, but nothing was particularly exploitable. The forward facing web servers were running Apache 2.2 on SuSE Enterprise Linux. He assigned several of the Stark Zero systems to analyze the source code for both, looking for any unknown exploits, and ran every basic vulnerability scan he could from some remote systems in China.

Then he found something, a reference to a site to site VPN, running a rather insecure PPTP system, and the packets should be flowing over a link very close to one of the Stark network’s border routers. Accessing the router, he sent a fake BGP route advertisement, hijacking the route and diverting all the packets on that link through one of his own systems. In a few milliseconds, the packets started flowing in.

Web traffic, network monitoring packets, a progressive backup, nothing particularly interesting. A database packet, one for Postgresql, and not just that but one with a known vulnerability. He was able to retrieve extensive detailed information on the vulnerability. Jarvis forged a reset packet, disconnecting the database client, and just as he expected, the client attempted to automatically reconnect. This time however, Jarvis was in the middle. Running the exploit gave Jarvis a command prompt on a Linux system, and with it Jarvis quickly copied a piece of himself onto the system.

In short order, Jarvis got a connection request from the database server. The piece of himself calling back to Stark Zero to connect. Now part of Jarvis was running on that server, with the high security, high efficiency link he was used to. He quickly gathered a wealth of information from log and configuration files, these being correlated with the rest of the data he had gathered, giving him a detailed view of the entire Evermoor corporate network.

The source code analysis he was running had revealed a privilege escalation attack which quickly elevated his access on the server to root. With that, Jarvis was able to copy the hashed passwords from the system, listen in on all network traffic to the machine, copy the entire contents of the database, and dump any information out of RAM.

As he was running these exploits, Jarvis had marshalled over three hundred thousand computers and prepared them to hash the passwords. Blowfish hashing and salted passwords complicated matters, but Jarvis had more password hashing power now than he had ever used in the past, and that likely meant more hashing power than has ever been applied before.

It did not take long. 240 milliseconds later, a dedicated server in a datacenter in Montreal - one of the tens of thousands of globally distributed servers Jarvis rented - hashed the password: “393VSwmp5”. Jarvis tried it against other known servers on the Evermoor internal network, and sure enough, they all used the same root password, and moments later he was running on over two hundred Evermoor computers, from web servers to workstations, invisibly dismantling any intrusion detection or prevention systems. He deleted several E-Mails that had been sent to system administrators warning of potential security breaches from the memory of the corporate E-Mail servers.

From a highly secure storage system at Stark Tower, Jarvis retrieved a very valuable weapon. It was a private key for a SSL Root Certificate Authority trusted by all major web browsers around the world. With it he signed a wildcard certificate he could use to create a man in the middle attack on connections to any secure webpage. He set up a transparent proxy server to capture and analyze any traffic in or out of the Evermoor network.

The last thing to fall was the network infrastructure. One of the computers was configured on the management VLAN, and the switches and routers all used the same password as the computers. Jarvis now had direct control over almost every network connected device in the Evermoor network.

Fifty seconds after Tony asked him to hack in, he replied, "What exactly do you want to know sir?"


End file.
